Skill v1.0.2
ClawScan security
Seedance Video · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 26, 2026, 12:31 PM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill appears to implement the advertised Seedance video generation flow, but its metadata and documentation are inconsistent about required credentials and provenance, so install only after resolving those mismatches.
- Guidance: This skill implements Seedance video generation and the included seedance.py CLI will call ark.cn-beijing.volces.com and requires an ARK_API_KEY. Before installing or enabling it: (1) Confirm the skill metadata is corrected to list ARK_API_KEY as a required env var (and to disclose any optional Feishu tokens if you expect to use that feature). (2) Verify the skill author/owner and source (the package _meta and registry owner differ and README/LICENSE conflict). (3) Review seedance.py yourself — it base64-encodes local images and uploads them to the listed API endpoint and will download generated videos to a local folder (~/Desktop in examples). (4) If you don't trust the source, don't set ARK_API_KEY in environments with sensitive permissions. (5) Ask the publisher to fix metadata, license statement, and disclose any optional integrations (Feishu) before installing. If those items are clarified, the skill looks coherent for its advertised purpose; until then treat it as suspicious.
- Findings:
  - [pre-scan-injection-none] expected: The package scan reported no pre-scan injection signals. Absence of regex findings is not evidence of correctness; the primary incoherences are in the metadata vs. runtime code and docs.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md and seedance.py clearly require an ARK_API_KEY to call the Volcengine/Ark API (and SKILL.md shows commands that use it). However, the registry metadata at the top of the package claims "Required env vars: none" and "Primary credential: none" — that is an incoherence. Other docs (CHANGELOG) also mention optional Feishu integration and an app_access_token, which is not declared in the skill metadata either. Owner/slug/version information in _meta.json and registry metadata differ, and README/LICENSE present conflicting license statements (README says MIT, LICENSE file is Apache-2.0). These mismatches affect provenance and what credentials will actually be needed.
- Instruction Scope (note): SKILL.md instructs the agent to (a) check ARK_API_KEY, (b) run the included seedance.py CLI which uploads text/images (local files may be base64-encoded) to ark.cn-beijing.volces.com, polls task status, and optionally downloads the resulting MP4 to ~/Desktop. Those instructions are consistent with a text/image→video integration and do not instruct reading unrelated system secrets or files beyond the user-supplied media. The CHANGELOG and other docs mention additional flows (Feishu upload) not surfaced in the primary SKILL.md, which may prompt the user or integrator to add more credentials later — that is scope creep in the repository documentation, even if not used by the main CLI.
- Install Mechanism (ok): There is no install spec and the skill is instruction-only plus a small Python CLI (seedance.py). Nothing in the package downloads remote code at install time. This is a lower-risk install mechanism; the included Python script will make network calls at runtime, which is expected for this purpose.
- Credentials (concern): The runtime requires ARK_API_KEY (seedance.py calls get_api_key and exits if it's missing), but the package metadata omitted declaring this required env var. The CHANGELOG mentions Feishu credentials for an optional video-sending guide (app_access_token), which are also not declared. Requiring ARK_API_KEY is proportionate to the stated purpose, but the metadata omission is misleading and could cause surprise or hidden credential requests later.
- Persistence & Privilege (ok): The skill does not request always:true and does not modify other skills or global agent settings. It runs as a normal, user-invocable skill. It downloads results to a user-specified directory (default examples use ~/Desktop) and executes a macOS 'open' command only when showing results — this is limited in scope.
